From eb062c6b109022919caf7ce1304d989bd93c8849 Mon Sep 17 00:00:00 2001 From: Krzysztof Wolski Date: Fri, 2 Sep 2022 16:52:44 +0200 Subject: [PATCH 1/3] Update types on headers util --- src/headers.ts | 15 ++++++++++----- src/middleware/with-jwt-verified.ts | 9 ++++++++- .../with-registered-saleor-domain-header.ts | 6 ++++++ src/middleware/with-webhook-signature-verified.ts | 9 ++++++++- 4 files changed, 32 insertions(+), 7 deletions(-) diff --git a/src/headers.ts b/src/headers.ts index fa43f3a..068f9cc 100644 --- a/src/headers.ts +++ b/src/headers.ts @@ -5,9 +5,14 @@ import { SALEOR_SIGNATURE_HEADER, } from "./const"; -export const getSaleorHeaders = (headers: { [name: string]: any }) => ({ - domain: headers[SALEOR_DOMAIN_HEADER], - authorizationBearer: headers[SALEOR_AUTHORIZATION_BEARER_HEADER], - signature: headers[SALEOR_SIGNATURE_HEADER], - event: headers[SALEOR_EVENT_HEADER], +const toStringOrUndefined = (value: string | string[] | undefined) => + value ? value.toString() : undefined; + +export const getSaleorHeaders = (headers: { + [name: string]: string | string[] | undefined; +}): Record => ({ + domain: toStringOrUndefined(headers[SALEOR_DOMAIN_HEADER]), + authorizationBearer: toStringOrUndefined(headers[SALEOR_AUTHORIZATION_BEARER_HEADER]), + signature: toStringOrUndefined(headers[SALEOR_SIGNATURE_HEADER]), + event: toStringOrUndefined(headers[SALEOR_EVENT_HEADER]), }); diff --git a/src/middleware/with-jwt-verified.ts b/src/middleware/with-jwt-verified.ts index 062f0f2..9921e3f 100644 --- a/src/middleware/with-jwt-verified.ts +++ b/src/middleware/with-jwt-verified.ts @@ -2,7 +2,7 @@ import * as jose from "jose"; import type { Middleware, Request } from "retes"; import { Response } from "retes/response"; -import { SALEOR_AUTHORIZATION_BEARER_HEADER } from "../const"; +import { SALEOR_AUTHORIZATION_BEARER_HEADER, SALEOR_DOMAIN_HEADER } from "../const"; import { getSaleorHeaders } from "../headers"; import { getJwksUrl } from "../urls"; 
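Review bot: `toStringOrUndefined` in src/headers.ts turns a repeated header into one comma-joined string, because `value.toString()` on a `string[]` joins its elements with commas. For the domain, signature and authorization values this means a request that carries the header twice yields a merged value instead of being treated as malformed, and later checks compare against text that no single header contained. Accepting only a single non-empty string removes that ambiguity: `typeof value === "string" && value !== "" ? value : undefined`. A short comment on the helper would record the rule, e.g. `// Empty or multi-valued headers are treated as missing.`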
@@ -24,6 +24,13 @@ export const withJWTVerified = }); } + if (domain === undefined) { + return Response.BadRequest({ + success: false, + message: `${ERROR_MESSAGE} Missing ${SALEOR_DOMAIN_HEADER} header.`, + }); + } + let tokenClaims: DashboardTokenPayload; try { tokenClaims = jose.decodeJwt(token as string) as DashboardTokenPayload; diff --git a/src/middleware/with-registered-saleor-domain-header.ts b/src/middleware/with-registered-saleor-domain-header.ts index 86c7e04..70e1033 100644 --- a/src/middleware/with-registered-saleor-domain-header.ts +++ b/src/middleware/with-registered-saleor-domain-header.ts @@ -9,6 +9,12 @@ export const withRegisteredSaleorDomainHeader = (handler) => async (request) => { const { domain: saleorDomain } = getSaleorHeaders(request.headers); + if (!saleorDomain) { + return Response.BadRequest({ + success: false, + message: "Domain header missing.", + }); + } const authData = await apl.get(saleorDomain); if (!authData) { return Response.Forbidden({ diff --git a/src/middleware/with-webhook-signature-verified.ts b/src/middleware/with-webhook-signature-verified.ts index dc3c0d3..73406a2 100644 --- a/src/middleware/with-webhook-signature-verified.ts +++ b/src/middleware/with-webhook-signature-verified.ts @@ -3,7 +3,7 @@ import * as jose from "jose"; import { Middleware } from "retes"; import { Response } from "retes/response"; -import { SALEOR_SIGNATURE_HEADER } from "../const"; +import { SALEOR_DOMAIN_HEADER, SALEOR_SIGNATURE_HEADER } from "../const"; import { getSaleorHeaders } from "../headers"; import { getJwksUrl } from "../urls"; @@ -29,6 +29,13 @@ export const withWebhookSignatureVerified = }); } + if (!saleorDomain) { + return Response.BadRequest({ + success: false, + message: `${ERROR_MESSAGE} Missing ${SALEOR_DOMAIN_HEADER} header.`, + }); + } + if (secretKey !== undefined) { const calculatedSignature = crypto .createHmac("sha256", secretKey) From 14b5fb6460c535e0f9f6c1c13cd65e161963fd96 Mon Sep 17 00:00:00 2001 
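Review bot: The new `domain === undefined` guard in withJWTVerified only establishes that the header is present; its value is still chosen by the caller. This file imports `getJwksUrl`, so if `domain` later selects the key set used to verify the token (that part of the function is outside the hunk), the requester decides which keys are trusted. The same applies to the `!saleorDomain` guard added in with-webhook-signature-verified.ts. Before the domain is used for key lookup it should be matched against a registered installation, as withRegisteredSaleorDomainHeader does with `apl.get(saleorDomain)`, or the required middleware order should be stated in a comment such as `// domain is request-supplied: check it against registered domains before JWKS lookup`. The guard also uses `=== undefined` where the other two middlewares use `!saleorDomain`; one form should be used throughout.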
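Review bot: The 400 response added in withRegisteredSaleorDomainHeader reports `"Domain header missing."` without naming the header, while the two sibling middlewares changed in this commit build their message from `SALEOR_DOMAIN_HEADER`. Using the constant here as well, with the same `Missing ${SALEOR_DOMAIN_HEADER} header.` wording, tells an integrator exactly which header to send and keeps the three responses uniform. It needs `SALEOR_DOMAIN_HEADER` imported from `../const`; this file's imports and the rest of the handler are outside the hunk.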
From: Krzysztof Wolski Date: Fri, 2 Sep 2022 16:53:40 +0200 Subject: [PATCH 2/3] Mark event type as unknown --- src/app-bridge/events.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/app-bridge/events.ts b/src/app-bridge/events.ts index e66c615..2413eb3 100644 --- a/src/app-bridge/events.ts +++ b/src/app-bridge/events.ts @@ -53,4 +53,4 @@ export type PayloadOfEvent< TEventType extends EventType, TEvent extends Events = Events // @ts-ignore TODO - why this is not working with this tsconfig? Fixme -> = TEvent extends Event ? TEvent["payload"] : never; +> = TEvent extends Event ? TEvent["payload"] : never; From c745de5a2c9c6be6965b8e08b70e1aba4ef1df39 Mon Sep 17 00:00:00 2001 From: Krzysztof Wolski Date: Fri, 2 Sep 2022 16:55:14 +0200 Subject: [PATCH 3/3] Ignore type warning on log message --- src/app-bridge/app-bridge.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/app-bridge/app-bridge.ts b/src/app-bridge/app-bridge.ts index 9be7609..3a904e8 100644 --- a/src/app-bridge/app-bridge.ts +++ b/src/app-bridge/app-bridge.ts @@ -44,6 +44,7 @@ function eventStateReducer(state: AppBridgeState, event: Events) { /** * Event comes from API, so always assume it can be something not covered by TS */ + // eslint-disable-next-line @typescript-eslint/no-explicit-any console.warn(`Invalid event received: ${(event as any)?.type}`); return state; }
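Review bot: The added `eslint-disable-next-line` in eventStateReducer keeps an `as any` cast on an event that the comment directly above describes as possibly not covered by the types. A narrower cast makes the suppression unnecessary and keeps the field typed as unvalidated input: use `String((event as { type?: unknown })?.type)` in place of `(event as any)?.type` inside the template string. The reducer body starts outside the hunk.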